from YP mailinglist ...
> Subject: cve-checker tool
> Hi guys,
> I have some questions regarding cve-check tool. I don't find anything
> about this tool in Yocto
> 2.2 release, does documentation mention this tool and how to use it?
> Is this tool planned to be integrated with daily build so the Yocto project
> can detect not addressed CVEs automatically?
> Does this tool look at CVE tag inside the recipe as well or only checks the
> package version?
> Can this tool be used together with "meta-security-isafw" and get a fancy
There is some useful info in the cve-check.bbclass:
# In order to use this class just inherit the class in the
# local.conf file and it will add the cve_check task for
# every recipe. The task can be used per recipe, per image,
# or using the special cases "world" and "universe". The
# cve_check task will print a warning for every unpatched
# CVE found and generate a file in the recipe WORKDIR/cve
# directory. If an image is build it will generate a report
# in DEPLOY_DIR_IMAGE for all the packages used.
I see the following logs are generated: